The growth of social media poses a dilemma for security and law enforcement agencies. On the one hand, social media could provide a new form of intelligence – which we call SOCMINT – that could contribute decisively to keeping the public safe. On the other, national security is dependent on public understanding and support for the measures being taken to keep protect us, as the public debate surrounding the recent proposed UK Communications Capability Development Programme (CCDP) demonstrated.
However, social media challenges current conceptions about privacy, consent and personal data, and new forms of technology allow for more invisible and widespread intrusive surveillance than ever before. As a result, the collection and analysis of social media for intelligence purposes does not fit easily into the policy and legal frameworks that guarantee that such activity is proportionate, necessary, effective and accountable. The Regulation of Investigatory Powers Act for example, was passed in 2000, long before social media use was widespread.
#Intelligence, our new paper released today is the first effort to examine the ethical, legal and operational challenges involved in using social media for intelligence and insight purposes. It sets out the first blueprint for how SOCMINT can become part of the intelligence framework, based on a publicly argued, legal footing, with clarity and transparency over use, storage, purpose, regulation and accountability. It presents six ethical principles that can help government agencies approach these challenges and argues for changes to the current regulatory, legal and operational framework, including a review of the current Regulation of Investigatory Powers Act 2000.
We put forward a dual-route approach, which distinguishes between:
‘Open-source, non-intrusive SOCMINT’ which would not be used to identify individuals or as a means of criminal investigation and should not puncture the privacy wishes of any user. It can be conducted on a similar basis to non-state actors, such as universities and commercial companies. This might include such activity as openly crowd sourcing information through Twitter or Facebook to gain situational awareness in the event of public disorder or gauging general levels of community tension.
‘Intrusive or surveillance SOCMINT’ which is the exercise of state-specific powers of access intended to result in the identification of individuals and access to private information. This could range from collecting publicly available data about specific individuals to intercepting and reading personal communications. This access needs to be governed by an ethical and legal framework, which maintains an association between harm, privacy, authorisation, agency and cause, such as limits on the number of agencies permitted to undertake it depending on the degree of intrusion.
The ethical principles developed by our co-author Sir David Omand are:
- Principle 1: There must be sufficient, sustainable cause
- Principle 2: There must be integrity of motive
- Principle 3: The methods used must be proportionate and necessary
- Principle 4: There must be right authority, validated by external oversight
- Principle 5: Recourse to secret intelligence must be a last resort if more open sources can be used
- Principle 6: There must be a reasonable prospect of success
A combination of this approach and these principles can ensure that social media can be used as a valuable way to protect the public while ensuring that the internet remains a free and open place for the exchange of ideas.